Critical Vulnerabilities in Remote Desktop MS12-020

Microsoft Security Bulletin MS12-020 says, “vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.”

  • It can be exploited over the network.
  • Companies often make RDP accessible on the standard TCP port 3389 from the Internet for remote access to servers and sometimes workstations.

SANS recommend applying the MS12-020 patch as quickly as practical in your environment. Until you install the patch, consider moving your RDP listeners to non-standard ports.  Additionally having NLA enabled, the vulnerable code is still present and could potentially be exploited for code execution. However, NLA would require an attacker to first authenticate to the server before attempting to exploit the vulnerability.

Reference:
KB 2671387

No comments yet.

Leave a Reply